It is reported that the de minimis threshold, that is the minimum value of goods below which customs do not charge duties, is USD 800.

Foreign entities or organizations need a bona fide presence to set up a US domain (".us") or be a US citizen, permanent resident or an American organization. "Bona fide presence" requires the entity to have either physical presence or regularly engage in lawful activities (sales of goods or services or other business, commercial or non-commercial including not-for-profit activities) in the United States. The ".com" and ".org" domains have been made available by US authorities to both domestic and foreign users.

The US has predominantly self-certification regime, where the manufacturer tests his product, prepares a technical report demonstrating compliance. The Technical documentation must be retained and, if required, submitted to the FCC (Federal Communication Committee) on request.

A provision in the Consolidated and Further Continuing Appropriations Act (H.R.933), which President Obama signed into law in March 2013, bars the departments of Commerce and Justice, the National Aeronautics and Space Administration (NASA), and the National Science Foundation from procuring any information technology (IT) systems that are produced, manufactured, or assembled by any company owned, directed, or subsidized by the People’s Republic of China, unless the Federal Bureau of Investigation (FBI) has completed an assessment of the security risk of cyber espionage or sabotage associated with the system to the United States.

Based upon the internationally-agreed Wassenaar Arrangement, the U.S. Commerce Control List (CCL) is a list maintained by the Department of Commerce's Bureau of Industry and Security (BIS). Sections 3-4 deal specifically with electronics and computers, and have targeted semiconductors and computer chips in recent years with so-called Export Control Lists, seeking both to restrict their export to China, as well as the (re-)exporting of these technologies from relevant allies (such as Taiwan, Germany, South Korea, Japan, and the Netherlands) to China. The CCL works in tandem with the Entity List, which is also maintained by the BIS, and which outlines specific firms, governments, and individuals who are restricted in their business access with US exports.

The Biden administration reviewed the prior administration's export control policies towards semiconductors and microchip technologies, and have maintained and expanded them.

The US Export Administration Regulations (EAR) regulate exports of commercial communication satellites and technology that uses certain types of encryption.
Commercial communications satellites were moved from the military export controls of the State Department to the civilian or “dual use” controls of the Commerce Department in 1996. These regulations are less restrictive than the previously applied United States Munitions List (USML) under the jurisdiction of the Directorate of Defense Trade Controls (DDTC). However, there are still export regulations in place which may constitute an additional burden for exporters of these items. There is also the matter of the Export Control Reform Act (ECRA) of 2018, which came into effect in 2020. The ECRA modifies the existing EAR, by focusing specifically on digital goods and dual-use technologies, in a move largely seen as a counterbalancing act directed towards China.
Similarly, the Department of Commerce's Bureau of Industry and Security regulates the export of technology that uses certain types of encryption and imposes certain registration and reporting requirements, as well as provides outlines for when an item is deemed not subject to the EAR.

The Secure and Trusted Communications Networks Act, first introduced in late 2019 before coming into law in March 2020, establishes a list under the purview of the Federal Communications Commission (FCC) of services that pose national security threats. This list, known as the "List of Equipment and Services that Pose Security Threat" was most recently updated in late March 2022, adding the Russian Kapersky security service, as well as two Chinese telecommunication firms, China Telecom and China Mobile International. Being on the list bans the company in question from all US government networks and disqualifies the company from receiving any FCC funds.

The Allow States and Victims to Fight Online Sex Trafficking Act and the Stop Enabling Sex Traffickers Act (FOSTA-SESTA), has amended Section 230 of the Communication Decency Act in 2018 to no longer apply to federal or state sex-trafficking law. FOSTA allows for private lawsuits and criminal prosecutions against Internet platforms and websites, based on any action perceived to either promote prostitution or advertise/facilitate sex trafficking.

In the United States, the Digital Millennium Copyright Act (DMCA) establishes a conditional safe harbor that focuses specifically on copyright infringement claims. Title II of DMCA protects online intermediaries from liability in the case of copyright infringement, provided a notice and takedown system to deal with infringements is implemented. The DMCA amended Title 17 of the United States Code to extend the reach of copyright, while limiting the liability of the providers of online services for copyright infringement by their users.
Intermediaries also have the right to counter-notify, when they believe there is no copyright infringement involved. Safe harbor is available only to an intermediary that “does not receive a financial benefit directly attributable to the infringing activity, in a case in which the service provider has the right and ability to control such activity."

The Communication Decency Act (Section 230) establishes a safe harbour regime for intermediaries beyond copyright infringement.

Under Directive No. 3340-049a of 2018, US Customs and Border Protection (CBP) asserts broad powers to conduct device searches and requires travelers to provide their device passwords to CBP agents. Section 5.3.1 provides that "travelers are obligated to present electronic devices and the information contained therein in a condition that allows inspection of the device and its contents. If presented with an electronic device containing information that is protected by a passcode or encryption or other security mechanism, an officer may request the individual's assistance in presenting the electronic device and the information contained therein in a condition that allows inspection of the device and its contents." It is reported that CBP officers have compelled American citizens to unlock and hand over their phones, even after being told that the phone contained sensitive data. The directive also includes a provision that allows officers to examine a phone with external equipment if there is a "national security concern (Section 5.1.4).

Section 702 of the Foreign Intelligence Surveillance Act allows the National Security Agency to conduct searches of foreigners' communications without any warrant. It is reported that these searches incidentally collect an unknown amount of communications belonging to Americans.

It is reported that foreign communications infrastructure providers have been asked to sign Network Security Agreements (NSAs) in order to operate in the US. These agreements ensure that U.S. government agencies have the ability to access communications data when legally requested, often through a National Security Letter (NSL). NSLs do not require prior approval from a judge. The data in question can include call-identifying information, user location, call duration, start time, end time, IP addresses, location information, URLs, etc., and must be reported to the federal Department in question within five business days following request.

The HIPAA of 2013 requires the designation of a privacy official for HIPAA-covered entities to develop and implement the policies and procedures of the entity (§ 164.530 on administrative requirements).

The E-Government Act of 2002, Section 208, establishes the requirement for agencies to conduct privacy impact assessments (PIAs) for any information electronic collections and information technology (IT) systems that contain personally identifiable information (PII).